
UPDATE: 29 May 2014 at 9:30 MDT

The TrueCrypt development team has broken their silence to the audit team. My suspicions articulated in this post were correct. You can learn more at GRC. TrueCrypt will be adopted by the Linux Foundation, ensuring its continued vitality and success as an open source project in the free world. Join the Linux Foundation if you can.

These projects are essential to the backbone of the internet. Typically, they rely on volunteers for development, testing, reporting bugs, and evangelism. They also typically rely on donated financing…

So, these projects, free as in speech and as in beer, are powering significant portions of the web. In the case of Apache Web Server, “Apache is used by 60.5% of all the websites whose web server we know” (W3Techs, May 2014). OpenSSL is used to encrypt 16% of websites among Alexa’s top million websites (Datanyze, May 2014).

But these projects are struggling. Recently the TrueCrypt Foundation announced the end of the TrueCrypt project. Some suspect foul play from three-letter government agencies. Others suspect hackers. But the undeniable reality remains: TrueCrypt is an open source project written and maintained by anonymous volunteers.

While the tinfoil hat conspiracies are fun to entertain, they are likely not the reality here. TrueCrypt’s developers have shown us the reality of the world without free, open-source security. We are left to trust our OS vendors and their closed-source unverifiable encryption. The “ominous” message posted to the TrueCrypt SourceForge page, in my opinion, is designed to be hyperbolic and terrifying! Without the support of the open source community, TrueCrypt cannot survive. Without a compassionate community that understands that TrueCrypt is a hobby for the developers, it is unsafe for TrueCrypt to continue the project. Potential for legal liability is high (even though the developers are completely anonymous).

After the world’s kneejerk reaction to the OpenSSL Heartbleed vulnerability, people got mad at the small development team for pushing such shoddy, insecure software. But the reality is this: the OpenSSL library, for its one failure, has had billions of successes. But nobody cared. Heartbleed scared people, and that, in the court of public opinion, overshadowed those billions of successes.

Suspicious Shutdown…

People are citing an out-of-character shutdown for the TrueCrypt project. Some consider it to be a warrant canary (since their behavior is so different from TrueCrypt’s MO). Many of the recommendations made by the TrueCrypt team are ironically terrible advice considering how cautious we’ve become with TrueCrypt at the helm.

If you have files encrypted by TrueCrypt on Linux:

Use any integrated support for encryption. Search available installation packages for words encryption and crypt, install any of the packages found and follow its documentation

In other words they’re saying “just search for something and use it.”

On the Windows end of things, they’re simply stating that we should embrace a closed-source solution that they’ve been subverting for the past 10 years.

If you were a TrueCrypt developer…

So taking the totality of the current state of TrueCrypt into account, it’s a massive burden for the development team to bear. On one hand, it has been a monumental success for privacy advocates and data security, but on the other hand one small vulnerability could destroy its credibility and its meteoric rise to fame might collapse in days.

So the developers did what anybody in this position might do. They called the game. They left us with an ominous picture of the world without TrueCrypt: trusting our data to closed-source solutions, with little to no recourse against three-letter agency interests in backdoors. Developing TrueCrypt was a thankless job, and they don’t want to be responsible for its collapse.

If the world doesn’t want to invest in open source software, it’s the world’s loss.

I hope the developers of TrueCrypt are safe, and that the conspiracies are not true. This might be the wake-up call open source needs.

Two smoothie cubes contain recommended (based on 2,000 calorie diet) Vitamin A intake for the day. Vitamin A is fat-soluble, so you should not exceed your recommended daily intake. Talk to your doctor.

I have been working on some exciting new WordPress things that I plan on releasing in compliance with the GPL.

First, since there wasn’t a decently simple (free) front-end profile management system, I decided to write one of my own. It is completely customizable with short codes and allows you to validate input with regular expressions before you save the data. All of this is controlled in the post editor. It is nonced using WordPress’ nonce API. It’s pretty elegant in its implementation.

Next, I plan to release some sort of iteration of my SCSS/CSS and WordPress template framework tools. I have tons of code generation spreadsheets that make grid design and implementation a piece of cake. Provide a couple parameters and the spreadsheet will calculate responsive grids. The grid is based on 6 columns and intelligently resizes all the way down to small screens. I have spreadsheets to make a lot of development work easier. It would be a shame if I didn’t share.

So why is it a big deal? And why does it have value? Well, this is my attempt at explaining one of the fundamental facets of currency: a proof of work.

Disclaimer: I am no economist. There are other variables at play when valuing a currency. Please bring these discrepancies and concerns to my attention in the comments.

Proof of Work

Proof of Work is arguably one of the biggest things that make a currency valuable. The idea is that when we have something, and when we want to use that as currency, we need to know that it wasn’t produced trivially.

Traditionally, up until recently, we have used gold (or other precious metals) as proof of work. We understand that gold (etc) is rare, and if someone is able to produce a quantity of gold, we know that they worked a specific, non-trivial amount to obtain that gold. As a result, our currencies have been defined by precious assets.

Cool. But what about Bitcoin?

Glad you asked! Bitcoin derives its value from computation. That is, Bitcoin is valuable because we use computers to create it. But how do we create a proof of work out of our computing power? Easy. We create problems that take computers a very long time to solve. In the design of Bitcoin, this is achieved with hashing.

Okay… What’s hashing?

[functions] primarily used to generate fixed-length output data that acts as a shortened reference to the original data. This is useful when the original data is too cumbersome to use in its entirety.

Consider a hash as a boiled-down version of its input. The hash of a pot of soup would be some sort of reduction scraped off the bottom of a pan.

What is fascinating about hashes (and this is where the soup analogy stops working) is that hashes are one way. In most cases, it is impossible to effectively reverse a hash without using trial and error.

In other words, there is no way to tell what a hash’s input was.

This is where Bitcoin’s value comes from.

Hashes and the Blockchain

Bitcoin transactions are recorded in a special, public data structure called a block chain. Special programs called miners are used to add new blocks to the end of the block chain.

A miner’s task is to gather recent transaction metadata and a few other pieces of metadata, and find a random number that, when combined with the rest of the metadata, produces a hash that meets the difficulty requirement of the network.

What’s worth noting is that this block’s hash has 15 zeroes at the beginning. This is evidence of the proof of work. Finding a hash of the block is incredibly difficult right now, and as the Bitcoin network’s computing power increases, the required hashing difficulty increases accordingly.

How does a computer find a hash?

1. Gather necessary metadata and structure it according to standard.
2. Generate a random number and place it in the block.
3. Hash the block.
4. If the hash meets the network’s difficulty requirements the block is appended to the block chain, and the next block begins.
5. If the hash doesn’t meet the network’s requirements, the computer is welcome to try again until it finds a valid hash.

What’s interesting is that the hashes are dramatically different. Consequently, it is nearly impossible to effectively game the inputs of a hash with an understanding of how it will affect the output.

Interestingly, these two hashes are such rare combinations of letters and numbers that performing a Google search for either hash will probably only lead to this article.

Most computers with a good graphics card are capable of computing around 30-50 million hashes per second. That’s 30 to 50 million GUESSES per second.

The size of the entire network is at 17625 Thash/s. In other words, the network is guessing 17,625 billion hashes per second attempting.

Hashes are relatively easy to calculate. So once a random number is appended to the block and calculated to a valid hash, it can be recalculated instantly and reliably. This verifies the proof of work.

The miner that successfully hashes the block is awarded an amount of Bitcoins for their work. This is how Bitcoins are minted. The first miner to hash the block successfully gets the reward. As a result, the network races to verify transactions. Most Bitcoin transactions are committed to the blockchain within 10 minutes!

Safety.

This intensive hashing process also makes it virtually impossible to adjust the blockchain retroactively. If an attacker wanted to undo or alter a transaction that happened in the past, the attacker would have to re-hash the block and every block after it since each block contains the hash of the block before it. This is too much work for one adversary to achieve in a million lifetimes.

As a result, once a transaction has been committed to the blockchain, it is safe for eternity. Bitcoin does not have refunds, or chargebacks for this reason.
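As an added example (not code from the original post), here is a toy version of the mining loop from "How does a computer find a hash?" together with the tamper-evidence described in this section. It assumes a simplified header string, a 12-bit difficulty, and an incrementing nonce instead of a random one; the function names and sample transactions are constructed for illustration.

```python
import hashlib

DIFFICULTY_BITS = 12       # toy value (assumption); the real network's is vastly higher
GENESIS_PREV = "0" * 64    # placeholder "previous hash" for the first block
SAMPLE_TX = ["alice->bob:1.0", "bob->carol:0.4", "carol->dave:0.1"]  # constructed data

def block_hash(prev_hash, transactions, nonce):
    """Double SHA-256 over a simplified header (not Bitcoin's real header layout)."""
    header = f"{prev_hash}|{transactions}|{nonce}".encode()
    return hashlib.sha256(hashlib.sha256(header).digest()).hexdigest()

def meets_difficulty(digest_hex, bits=DIFFICULTY_BITS):
    """Valid when the hash, read as a number, is below 2**(256 - bits)."""
    return int(digest_hex, 16) < (1 << (256 - bits))

def mine(prev_hash, transactions):
    """The expensive part: try nonces until the hash meets the difficulty."""
    nonce = 0
    while not meets_difficulty(block_hash(prev_hash, transactions, nonce)):
        nonce += 1
    return {"prev": prev_hash, "tx": transactions, "nonce": nonce,
            "hash": block_hash(prev_hash, transactions, nonce)}

def build_chain(tx_batches):
    chain, prev = [], GENESIS_PREV
    for tx in tx_batches:
        chain.append(mine(prev, tx))
        prev = chain[-1]["hash"]
    return chain

def first_invalid_block(chain):
    """The cheap part: one hash per block. Returns the first bad index, or -1."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["tx"], b["nonce"])
        if b["prev"] != prev or digest != b["hash"] or not meets_difficulty(digest):
            return i
        prev = b["hash"]
    return -1

if __name__ == "__main__":
    chain = build_chain(SAMPLE_TX)
    print("untouched chain:", first_invalid_block(chain))
    chain[0]["tx"] = "alice->mallory:1.0"              # edit a past transaction
    print("after the edit:", first_invalid_block(chain))
    chain[0] = mine(chain[0]["prev"], chain[0]["tx"])  # redo the work for block 0 only
    print("after re-mining block 0:", first_invalid_block(chain))
```

Re-mining the edited block only moves the break to the next block, whose stored previous-hash no longer matches, so every later block would have to be redone as well.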

Power.

Remember when I stated that one computer would take nearly 98 years to solve a block? This leads to the exploitation of a very precious resource: our computing power. At the moment, the Bitcoin network is capable of mining a block in about 10 minutes.

Mining is most commonly completed in pools that allow participants to solve hashes and share in the minted coins. You are rewarded in proportion to the amount of work your computer completed.

Conclusion

Bitcoin is valuable, and we aren’t just pretending like it is for the sake of fantasy. As with every other valuable currency, there is a proof of work involved in discovering new Bitcoins.

Rather than physically mining gold or precious metals, the Bitcoin network is seeking an answer (the hash) to a math problem that can only be found by trial and error. The hash uses transaction metadata and a random number so that any changes in transactions would require rehashing each block of transactions. As a result, it is impossible to retroactively adjust a transaction.

Try it!

Bitcoin is cool. It makes it easy to send money avoiding restrictions regarding exchange rates and repatriation of money.

If you are looking to try Bitcoin, head to trybtc.com. They’ll transfer a tiny amount of Bitcoin to a wallet of your choice.

Thanks for reading! If you want to send me Bitcoin for any reason, my public address is
16sVVZiJuCUBpWhKRDse1AzSkNvxHNgceT

Are you attempting to embed YouTube videos in a secure (https) WordPress site? Well, browsers should be blocking that content since the videos are not coming in over a secure channel.

A consequence is that some YouTube videos won’t display, and an error won’t be displayed–which is annoying.

Here is a brief snippet that can be added to your functions.php file to fix the problem once and for all.

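```php
// Rewrite plain-http YouTube URLs in post content so embeds load over https.
function youtube_the_content( $content ) {
    // Non-secure YouTube origins to look for.
    $search = array( "http://www.youtube.com", "http://youtube.com" );
    // Replace each match with the https origin.
    return str_replace( $search, "https://www.youtube.com", $content );
}
// Run the rewrite whenever WordPress renders post content.
add_filter( 'the_content', 'youtube_the_content' );
```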

The line beginning with “$search” specifies that we are searching for non-secure links to YouTube, and the return line combs through the post, and fixes the links so the embeds display properly. It’s a simple fix, based on WordPress’ powerful filter hook system.

I started a new GitHub repo to fill with jQuery utilities and behaviors.

The initial commit is filled with viewport sizing utilities. The utilities make it easy to use viewport-relative sizing in situations where browsers do not support VW and VH.

Something that I use a lot is the Letterboxing module. Simply by adding .jq-letterbox, you can strictly enforce an element to have a widescreen aspect ratio. This is very handy for sites that show lots of YouTube movie trailers.

Grab the Repo

https://github.com/bradkovach/jqUtilities

Installation

1. Import a recent version of jQuery

Note: script tags do not need type="text/javascript" when using HTML5.

I just thought I should point out, publicly, that Vine is consuming my life. Vine is the trendy new social network from Twitter that allows you to create and publish short, looping 6-second videos. The creation controls are primitive, but the results have been extremely creative.

Your available options for editing include touching the screen to record, and not touching the screen to not record.